AppSec Fundamentals for Modern DevOps

Wednesday, June 02, 2021 - 12:45 pm-1:30 pm

Suchakra Sharma and Vickie Li, ShiftLeft Inc.

Abstract: 

The complexity of modern applications and their deployments means that DevOps needs to wear the security hat from time to time. AppSec knowledge can help DevOps engineers plan their deployments and contingency plans, and communicate more effectively with the Security and Development teams.

In this talk, we will introduce the principles of application security. We will first talk about the industry-standard OWASP Top 10 vulnerabilities. We will then discuss the secure development lifecycle and how to implement security measures in each step. Finally, we will talk about how security teams can build an AppSec program in their organization to continuously improve their security posture.

Suchakra Sharma, ShiftLeft Inc.

Suchakra Sharma is Staff Scientist at ShiftLeft Inc., where he builds code analysis tools and hunts security bugs. He completed his Ph.D. in Computer Engineering at Polytechnique Montréal, where he worked on eBPF technology and hardware-assisted tracing techniques for OS analysis. As part of his research, he also developed one of the first hardware-trace based virtual machine analysis techniques. He has delivered talks and trainings at venues such as RSA, USENIX LISA, SCALE, Papers We Love, Tracing Summit, etc. When not playing with computers, he hikes and writes poems.

BibTeX
@conference {272737,
author = {Suchakra Sharma and Vickie Li},
title = {{AppSec} Fundamentals for Modern {DevOps}},
year = {2021},
publisher = {USENIX Association},
month = jun
}
